Computer World Security

Breadcrumb

Knowing how to design, build out, grow, and manage Internet Technology (IT) firms, departments, and facilities provides what you need to take charge in today's most challenging and lucrative IT environments. And lifetime access to the Complete CompTIA Certification Training Bundle is exactly what you need to get the required training and ensuing certifications.

Apple has disabled Group FaceTime following discovery of a flaw that could potentially let people hear audio from other people’s devices without permission. What’s going on and what can you do about it?

The Group FaceTime bug, in brief

A 9to5Macreport based on a video published to Twitter by @BmManski that revealed this flaw lets a user listen to audio captured using another person’s device before they accept or reject the call requesting a FaceTime chat. The problem affects only iOS devices running iOS 12.1 or later (pending an update).

As blockchains are being rolled out in an increasing number of pilot programs for everything from cross-border financial transactions to supply chain management, one persistent issue remains: a lack of scalability.

As more computers join the peer-to-peer network, the efficiency of the whole system typically degrades.

Scalability has already been identified as an issue with cryptocurrencies such as bitcoin and Ethereum's Ether. If a distributed ledger is to achieve adoption by financial technology (FinTech) companies and compete with payment networks hundreds of times faster, it must find a way to boost scalability and throughput and address latency problems.

NordVPN promises a private and fast path through the public internet, with no logs, unmetered access for 6 simultaneous devices and access to 5,232 servers worldwide. They are currently running a promotion, but you'll have to use this link to find it. Its typical price has been discounted for 3 years of service -- a good deal at just $2.99 per month. See the $2.99/month NordVPN deal here.

In a sidelong slap at the business model of Facebook, Google and others, Apple CEO Tim Cook has published an article in which he urges the U.S. government to put surveillance capitalists/data brokers under transparent legal oversight.

Stand up for your rights

“In 2019, it's time to stand up for the right to privacy — yours, mine, all of ours.” Cook writes in an article for Time Magazine.

A start-up firm claims its highly efficient distributed ledger protocol can address all the major problems facing blockchain networks, including being able to scale for global financial business by executing up to eight million transactions per second (TPS).

The new blockchain protocol, called Devv, was unveiled and demonstrated at CES in Las Vegas last week.

If the claims prove true, Devv would be able to compete with traditional financial networks in terms of scalability, be far less expensive to use and would address fraud, theft and privacy issues. Like many blockchain protocols, Devv is not just a peer-to-peer (P2P) database technology but also a digital currency or cryptocurrency called Devcash.

Guest host Juliet Beauchamp talks with senior writer J.M. Porup about the newly created cybersecurity insurance industry, and how a policy could fit into an organization's overall security strategy to help minimize risk.

Many enterprises rely on zip files to exchange data, particularly confidential data. And compression helps keep information safe, even against inquisitive ads trackers lurking inside “free” email or online storage services. How do you handle these things on iPad or iPhone?

How to handle zip files on iPhone

While it isn’t especially obvious, iOS provides some limited features that let you archive and decompress zip files. You can even create a nice little Shortcut to do this for you:

Open Shortcuts, Tap Create Shortcut.

In the search bar, type Extract Archive: That shortcut should appear in the list below; tap it to add it to your workflow.

Returning to the search bar, type Save File. When it appears, tap it to add it to the workflow you are building.

Tap the switch button at top right of the shortcut name.

In the next pane, you can name the shortcut and give it an icon. The most important change you should make is to enable Show in Share Sheet (flick to green).

You can create a second Shortcut to make archives. Just type Make Archive to find the relevant flow and then add Save File and Show in Share Sheet as decribed above. Remember to give it a name, such as Make Archive.

Shortcuts can work with multiple compression formats, including .tar, .zip and .iso.

Enterprise security professionals will be pleased to learn that it will soon be possible to enhance the already considerable device security of Apple’s iPhones with hardware-based physical authentication dongles using the Lightning port.

A highly secure proposition

Announced at CES 2019, the key fits on a keyring and comes from the authorization experts at Yubico. The hardware connects to iOS systems using the Lightning connection and is also equipped with USB-C for Macs. This is quite a big deal.

It's a few years after Y2K when the IT security team at this university gets a rude awakening, reports a pilot fish in the know.

"They discovered that persons unknown had hacked into a university server," fish says. "It was being used to launch denial-of-service attacks against a victim somewhere outside the university."

The team's first job is finding the server -- which turns out to be in the alumni office -- and taking it offline.

Then they start digging into the security logs. That's when they find out that the attackers have been making use of the server for more than a year.

And once they start checking on the IP addresses of whoever it is that has accessed the server, they discover it's not just one or two hackers. It seems people from all over the world have been using this server to launch attacks.

This year, artificial intelligence will continue its push into mobile hardware and enterprise communication devices, challenging IT shops' enterprise mobility management (EMM) capabilities while at the same time offering potential security benefits.

If 2018 was the year of the data breach, the thinking among IT pros is that this will be the year companies take concrete steps to prevent future breaches.

That was the sentiment among tech professionals who took part in a recent @IDGTechTalk Twitter chat about enterprise tech trends for 2019.

In fact, a recent @IDGTechTalk poll found privacy and security to be the top enterprise tech issue for 2019 (45 percent), followed by artificial intelligence (30 percent), cloud computing (16 percent), and blockchain (9 percent).

Apple wants to make it harder for its customers to use cheap USB-C cables — and it’s for your own good.

The risks of USB-C cables

Cables are complicated, and that’s why friends don’t let friends connect cut-price or otherwise unverified USB-C cables to their systems — and soon, you won’t be able to.

Apple has warned its users to avoid using low-quality equipment for years. It was only in 2016 that it was revealed that hundreds of chargers at that time sold on Amazon and advertised as being made by Apple were in fact dangerous fakes.

Medical rehab facility is facing a compliance deadline for HIPAA privacy regulations, and that could be a problem, says a cybersecurity pilot fish working there.

"The HIPAA regulations are strewn with potential issues," fish says. "When some aspect isn't followed and a patient's data privacy is compromised, the fines can be substantial."

And that's the headache fish faces because of his facility's use of Gmail. As the site's cybersecurity engineer, fish knows that ordinary Gmail isn't HIPAA compliant.

Fortunately, there's a fix -- one that involves additional paperwork and agreements, along with some added security verification. But that's still easier and less complex than moving everyone off Gmail.

In the coming year, cyberattacks will zero in on biometric hacking and expose vulnerabilities in touch ID sensors, facial recognition technology and passcodes, according to a new report from credit reporting agency Experian Plc. While biometric data is considered the most secure method of authentication, it can be stolen or altered, and sensors can be manipulated, spoofed or suffer deterioration with too much use.

Even so, as much as 63% of enterprises have implemented or plan to roll out biometric authentication systems to augment or replace less-secure passwords, Experian said in its report. The push toward biometric systems dates back to the turn of the century in the financial services industry.

They were the founders of such household names as Atari and Microsoft. They built the hardware and software that powers the Internet. They used computers to give voice to the young and the disabled. And they rarely did so in the spotlight. Whether they ever achieved fame or fortune, these 13 women and men deserve a place in the history books for their lives, accomplishments, and contributions to science and information technology around the world.

Tags

About SecurityFeeds

Tim Weil is a Security Architect/IT Security Manager with over twenty five years of IT management, consulting and engineering experience in the U.S. Government and Communications Industry. Mr. Weil's technical areas of expertise include IT Security Management, Enterprise Security Architecture, FISMA Compliance, Identity Management, and Network Engineering. Mr. Weil is a Senior Member of the IEEE and has served in several IEEE positions.